Bizarre Essex Police #cyberaware Tweet Mystery

It may well be National Cyber Security Awareness Month, but no matter who you are things can still go wrong in the blink of an eye. Namely, the following Tweet from Essex Police using the #cyberaware hashtag:

Had they been compromised, or did someone fall asleep at the Twitter wheel? Examining the now deleted missive reveals some definite weirdness here. For starters, it says “http://” will protect your data. This is incorrect – one assumes they forgot to include the “s” at the end of http. Or perhaps whoever posted this Tweet was up to a bit of mischief with a splash of intentionally incorrect advice, assuming they had been hijacked?

Either way, the shortened URL attached to the Tweet is where things become very peculiar. First off: the Goo.gl link was created way back in 2011 – this isn’t something that’s been put together specifically for the occasion of pranking a law enforcement feed.

We have a not-so-grand total of 342 clicks since the link was created – and in terms of clicks today, the tally appears to be rather low. I’m not 100% sure of the time the Tweet went out, but if we assume around 10AM, even by half past there’s only been about 30 something clicks at peak clicking time.

Of course, one would argue that even one click is one click too many which is a fair point.

As for the content of the site itself? It’s a redirect which starts with

Elaborate prank? Peculiar stealth recruitment test? I’ve no idea. It’s possible that the original redirect URL pointed to other sites which may well have been malicious and has since been aimed at the GCHQ link for a bit of a giggle. We’ll continue to dig into the details and update this post with any fresh information.

September 15, 2016 - Phishing URL compromise is surprisingly common, as many phish pages are fully expected to have a short shelf life. Of course, having a site taken down isn't the only thing making life difficult for phishers. As you'll see, it's often the least of their worries given the surprisingly plentiful ways people want to celebrate International Give a Phisher a Headache Day.